Be careful what you share on WhatsApp, it may not be as secure as you think

Posted:  January 16, 2018   By:    10 comments   


WhatsApp is easily the application I use the most on a daily basis on my smartphones. I use it for work, I use it to reconnect, and I use it to send silly memes to silly people all the time.

Odds are, WhatsApp’s probably super important to you too. But when something’s very important, there will be people who will want to exploit it for malicious purposes — especially considering the amount of information that gets shared via WhatsApp. And the bad news is that these bad people may have a way in if you’re not careful.

It’s easy to lull yourself into a false sense of security when using WhatsApp, especially after the company rolled out end-to-end encryption in all forms of communication across their entire platform. However, a group of researchers found a flaw in WhatsApp that could potentially be a gate into your secure conversations: Group chats.

Yup. According to the researchers, anyone who has control over WhatsApp’s servers could insert new members into private group chats without the permission of the group’s administrator. TechCrunch reports that the flaw takes advantage of “a bug in how WhatsApp handles group chats”. Because only the administrator of a group can invite new people in, WhatsApp doesn’t use any authentication mechanism for invitations that “its own servers cannot spoof”.

This means that once an attacker gains access to WhatsApp’s servers, they can insert themselves into groups, gaining access to any future messages in the group. That said, they won’t be able to read messages sent prior to them joining the group.

Tech Crunch also reports that attackers with access to WhatsApp’s servers could selectively block any messages in the group, preventing participants from warning the others of the intruder.

While this could potentially be a not insignificant vulnerability, the attackers would first have to hack into WhatsApp’s servers, which is no easy task. Cybersecurity company Kaspersky Lab’s security researcher Victor Chebyshev said that hacking Whatsapp’s servers is “not easy from a technical perspective” and that it “takes a lot of time and effort”. Victor says that it’s far easier for attackers to hack and gain control of a group chat member’s mobile device than it is to hack the servers.

Nevertheless, you should be careful with the information you share in WhatsApp group chats. One way would be to pay close attention to the members of your group and verify their security code for extra security. Administrators should also monitor and manually control the addition of new members.

If you absolutely must share sensitive information like passwords or pictures of your junk (why are you doing this in a group chat, btw), do so via private messaging instead.


Android, iOS, Mobile Apps, Mobile OS, News, Others
, , , , , , , , , , , ,
Wanna say something?






 

10 Comments for Be careful what you share on WhatsApp, it may not be as secure as you think

Jewish Core

That’s him again

GRexer

Never a fan of people randomly adding me into random group chats in WhatsApp for a reason. 😉

Willy

False positive. Unnecessarily trying to tarnish Whatsapp’s name for a small issue. This is the same as telling people don’t jump into a pool of crocodiles. Btw, private messaging is more unsafe than Whatsapp. Get your facts right, author.

    Rory Lee

    Hi. When I said private messaging, I meant private messaging via WhatsApp. Hope that clears things up. Cheers!

      OM

      Do you even know what the definition of “flaw” is? This whole article is nothing new.

    OM

    Yup. Agreed w you there 100%

Ashar

From the above report regarding WatsApp hacking in group chats the company’s representative could not satisfy their users and even they have no quick solution to overcome this issue however they have just suggested to them to avoid sharing theirs srcretes.

Carnchanar

Good

unown

Looks like Rory is using the OP5T?

Wanda

Why do you think China and Russia banned FB and this? Instead they start their own social messaging apps?1B citizens personal information is just too valuable to be shared among a bunch of globalist thieves that isn't loyal to any country. These people are selling mass surveillance tools similar to the reported FinSpy camouflaged as social messaging tools. The thousands staffs monitoring conversations are place by country governments participating in it.